Steam phishing scam bypasses Steam Guard, goes fishing for your trading cards

Tom Sykes at

Valve has so much faith in its Steam Guard technology that Gabe Newell once famously gave the world his password and dared it to gain access to his account - but the system is not entirely secure. A new phishing scam can bypass Steam Guard entirely, by gaining access to a specific file on the hackee's computer. I'll detail it below, but the gist is that if Steam ever tells you it needs to download a special SSFN file, do not comply. Also: that's not the wallet inspector.

You probably know how Steam Guard works by now: it's that code verification email thing that appears when you try to log into Steam from a new computer, or on your browser. Well, scammers have found a way past this, by asking for your username and password, but also for permission to download an SSFN file from your computer. This file tells Steam that it doesn't need to do a security check every time you start Steam, so you can see why they'd want to get their scammy hands all over it.

If the scammers do manage to get their hands on this file, they won't be able to use your bank details to purchase any games, but they will be able to drain your Steam wallet and plunder your inventory - including any trading cards you haven't yet sold for a whopping 4p on the marketplace.

As Gamasutra note, Valve is aware of the scam, and are advising people not to give out their SSFN files to anyone - even to that trustworthy seeming guy in the back alley with the pencil moustache and oily grin.